Re: [squid-users] Dreaded NTLM problems !!!

From: Serassio Guido <guido.serassio@dont-contact.us>
Date: Wed, 20 Jul 2005 20:12:45 +0200

Hi Neil,

At 12.08 20/07/2005, Neil A. Hillard wrote:

>Hi,
>
> some of my users are having a problem accessing a site that
> uses NTLM authentication, through our forward proxy (non intercepting).
>
>I am fully aware of the problems with NTLM on web servers and have
>pointed this out to webmaster of that site and although they have a
>plan to change to Basic auth and SSL they haven't given any
>timescales. Meanwhile our user needs to access the site. Our policy
>says that all access should be via the proxy so we can't let them
>out directly through the firewall.
>
>What is strange is that squid (2.5-stable10) appears to be dropping
>the 'WWW-Authenticate' header.

This is not strange: It' happens by design. NTLM must be NOT used
with proxy for security reasons:

http://www.squid-cache.org/mail-archive/squid-dev/200507/0066.html

Regards

Guido

-
========================================================
Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135 Fax. : +39.011.9781115
Email: guido.serassio@acmeconsulting.it
WWW: http://www.acmeconsulting.it/
Received on Wed Jul 20 2005 - 12:14:02 MDT

This archive was generated by hypermail pre-2.1.9 : Mon Aug 01 2005 - 12:00:02 MDT